Merge pull request #1086 from bpfman/dependabot/github_actions/produc… #67

Workflow file for this run

.github/workflows/image-build.yaml at 83e23a9

	name: bpfman-image-build

	on: # yamllint disable-line rule:truthy
	push:
	branches: [main]
	tags:
	- v*

	pull_request:
	paths: [.github/workflows/image-build.yaml]

	jobs:
	build-and-push-images:
	permissions:
	contents: read
	packages: write
	id-token: write # needed for signing the images with GitHub OIDC Token

	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	image:
	- registry: quay.io
	build_language: rust
	repository: bpfman
	image: bpfman
	dockerfile: ./Containerfile.bpfman
	context: .
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman
	image: bpfman-agent
	dockerfile: ./bpfman-operator/Containerfile.bpfman-agent
	context: .
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman
	image: bpfman-operator
	dockerfile: ./bpfman-operator/Containerfile.bpfman-operator
	context: .
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman
	image: bpfman-operator-bundle
	context: ./bpfman-operator
	dockerfile: ./bpfman-operator/Containerfile.bundle
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman-userspace
	image: go-xdp-counter
	context: .
	dockerfile: ./examples/go-xdp-counter/container-deployment/Containerfile.go-xdp-counter
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman-userspace
	image: go-tc-counter
	context: .
	dockerfile: ./examples/go-tc-counter/container-deployment/Containerfile.go-tc-counter
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman-userspace
	image: go-tracepoint-counter
	context: .
	dockerfile: ./examples/go-tracepoint-counter/container-deployment/Containerfile.go-tracepoint-counter
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman-userspace
	image: go-kprobe-counter
	context: .
	dockerfile: ./examples/go-kprobe-counter/container-deployment/Containerfile.go-kprobe-counter
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman-userspace
	image: go-uprobe-counter
	context: .
	dockerfile: ./examples/go-uprobe-counter/container-deployment/Containerfile.go-uprobe-counter
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	repository: bpfman-userspace
	image: go-target
	context: .
	dockerfile: ./examples/go-target/container-deployment/Containerfile.go-target
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	bpf_build_wrapper: go
	repository: bpfman-bytecode
	image: go-xdp-counter
	context: ./examples/go-xdp-counter
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=go-xdp-counter
	BPF_FUNCTION_NAME=xdp_stats
	PROGRAM_TYPE=xdp
	BYTECODE_FILENAME=bpf_bpfel.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	bpf_build_wrapper: go
	repository: bpfman-bytecode
	image: go-tc-counter
	context: ./examples/go-tc-counter
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=go-tc-counter
	BPF_FUNCTION_NAME=stats
	PROGRAM_TYPE=tc
	BYTECODE_FILENAME=bpf_bpfel.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	bpf_build_wrapper: go
	repository: bpfman-bytecode
	image: go-tracepoint-counter
	context: ./examples/go-tracepoint-counter
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=go-tracepoint-counter
	BPF_FUNCTION_NAME=tracepoint_kill_recorder
	PROGRAM_TYPE=tracepoint
	BYTECODE_FILENAME=bpf_bpfel.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	bpf_build_wrapper: go
	repository: bpfman-bytecode
	image: go-kprobe-counter
	context: ./examples/go-kprobe-counter
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=kprobe_counter
	BPF_FUNCTION_NAME=kprobe_counter
	PROGRAM_TYPE=kprobe
	BYTECODE_FILENAME=bpf_bpfel.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: go
	bpf_build_wrapper: go
	repository: bpfman-bytecode
	image: go-uprobe-counter
	context: ./examples/go-uprobe-counter
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=uprobe_counter
	BPF_FUNCTION_NAME=uprobe_counter
	PROGRAM_TYPE=uprobe
	BYTECODE_FILENAME=bpf_bpfel.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: xdp_pass
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=xdp_pass
	BPF_FUNCTION_NAME=pass
	PROGRAM_TYPE=xdp
	BYTECODE_FILENAME=xdp_pass.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: xdp_pass_private
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=xdp_pass_private
	BPF_FUNCTION_NAME=pass
	PROGRAM_TYPE=xdp
	BYTECODE_FILENAME=xdp_pass.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: tc_pass
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=tc_pass
	BPF_FUNCTION_NAME=pass
	PROGRAM_TYPE=tc
	BYTECODE_FILENAME=tc_pass.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: tracepoint
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=tracepoint
	BPF_FUNCTION_NAME=enter_openat
	PROGRAM_TYPE=tracepoint
	BYTECODE_FILENAME=tp_openat.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: uprobe
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=uprobe
	BPF_FUNCTION_NAME=my_uprobe
	PROGRAM_TYPE=kprobe
	BYTECODE_FILENAME=uprobe.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: uretprobe
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=uretprobe
	BPF_FUNCTION_NAME=my_uretprobe
	PROGRAM_TYPE=kprobe
	BYTECODE_FILENAME=uprobe.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: kprobe
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=kprobe
	BPF_FUNCTION_NAME=my_kprobe
	PROGRAM_TYPE=kprobe
	BYTECODE_FILENAME=kprobe.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman-bytecode
	image: kretprobe
	context: ./tests/integration-test/bpf/.output
	dockerfile: ./Containerfile.bytecode
	build_args: \|
	PROGRAM_NAME=kretprobe
	BPF_FUNCTION_NAME=my_kretprobe
	PROGRAM_TYPE=kprobe
	BYTECODE_FILENAME=kprobe.bpf.o
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	type=sha,format=long
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman
	image: xdp-dispatcher
	context: .
	dockerfile: ./Containerfile.xdp_dispatcher_v1
	tags: \|
	type=sha,format=long
	type=raw,value=v1,enable=true

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman
	image: xdp-dispatcher
	context: .
	dockerfile: ./Containerfile.xdp_dispatcher_v2
	tags: \|
	type=sha,format=long
	type=raw,value=v2,enable=true

	- registry: quay.io
	build_language: rust
	bpf_build_wrapper: rust
	repository: bpfman
	image: tc-dispatcher
	context: .
	dockerfile: ./Containerfile.tc_dispatcher
	tags: \|
	type=sha,format=long
	type=raw,value=v1,enable=true

	name: Build Image (${{ matrix.image.image }})
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	if: ${{ matrix.image.build_language == 'go' }}
	with:
	# prettier-ignore
	go-version: '1.21' # yamllint disable-line rule:quoted-strings

	- uses: sigstore/[email protected]

	- uses: actions/checkout@v4
	if: ${{ matrix.image.bpf_build_wrapper == 'rust' }}
	with:
	repository: libbpf/libbpf
	path: libbpf

	- uses: actions-rs/toolchain@v1
	if: ${{ matrix.image.build_language == 'rust' }}
	with:
	toolchain: stable
	override: true

	- name: Install libelf-dev
	if: ${{ matrix.image.bpf_build_wrapper == 'rust' \|\| matrix.image.bpf_build_wrapper == 'go' }}
	run: \|
	sudo apt-get update
	sudo apt-get install -y linux-headers-`uname -r` clang lldb lld libelf-dev gcc-multilib libbpf-dev

	- name: Build rust wrapped eBPF
	if: ${{ matrix.image.bpf_build_wrapper == 'rust' }}
	run: \|
	cargo xtask build-ebpf --libbpf-dir ./libbpf

	- name: Install bpf2go
	if: ${{ matrix.image.bpf_build_wrapper == 'go' }}
	run: \|
	go install github.com/cilium/ebpf/cmd/[email protected]

	- name: Generate go wrapped eBPF
	if: ${{ matrix.image.bpf_build_wrapper == 'go' }}
	run: \|
	cd examples && make generate

	- name: Generate olm bundle on disk
	if: ${{ matrix.image.image == 'bpfman-operator-bundle' }}
	run: \|
	cd bpfman-operator && make bundle

	- name: Login to quay.io/bpfman
	uses: redhat-actions/podman-login@v1
	if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}}
	with:
	registry: ${{ matrix.image.registry }}
	username: ${{ secrets.BPFMAN_USERNAME }}
	password: ${{ secrets.BPFMAN_ROBOT_TOKEN }}

	- name: Login to quay.io/bpfman-userspace
	uses: redhat-actions/podman-login@v1
	if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman-userspace'}}
	with:
	registry: ${{ matrix.image.registry }}
	username: ${{ secrets.BPFMAN_USERSPACE_USERNAME }}
	password: ${{ secrets.BPFMAN_USERSPACE_ROBOT_TOKEN }}

	- name: Login to quay.io/bpfman-bytecode
	uses: redhat-actions/podman-login@v1
	if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman-bytecode' }}
	with:
	registry: ${{ matrix.image.registry }}
	username: ${{ secrets.BPFMAN_BYTECODE_USERNAME }}
	password: ${{ secrets.BPFMAN_BYTECODE_ROBOT_TOKEN }}

	- name: Extract metadata (tags, labels) for image
	id: meta
	uses: docker/[email protected]
	with:
	images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }}
	tags: ${{ matrix.image.tags }}

	- name: Build image
	id: build-image
	uses: redhat-actions/buildah-build@v2
	with:
	image: ${{ matrix.image.image }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	containerfiles: ${{ matrix.image.dockerfile }}
	build-args: ${{ matrix.image.build_args }}
	context: ${{ matrix.image.context }}

	- name: Push to registry
	id: push-image
	uses: redhat-actions/push-to-registry@v2
	if: ${{ github.event_name == 'push' }}
	with:
	tags: ${{ steps.meta.outputs.tags }}

	- name: Sign the images with GitHub OIDC Token
	if: ${{ github.event_name == 'push' }}
	run: \|
	readarray -t tags <<<"${{ steps.meta.outputs.tags }}"
	for tag in ${tags[@]}; do
	cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}"
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1086 from bpfman/dependabot/github_actions/produc… #67

Workflow file

Merge pull request #1086 from bpfman/dependabot/github_actions/produc… #67

Jobs

Run details

Workflow file for this run